Description of problem: The "secret" in oauthclient/kibana-proxy did not match the one in the secret/logging-kibana-proxy file "oauth-secret". The one in the /etc/origin/logging/oauth_secret matched the one in oauthclient/kibana-proxy. The problem was fixed by changing secret/logging-kibana-proxy file "oauth-secret" to match the one in /etc/origin/logging/oauth_secret and "secret" in oauthclient/kibana-proxy. I'm not sure if the problem was that the secret/logging-kibana-proxy file "oauth-secret" was not updated, or if that value was updated but not the file or the oauthclient. Version-Release number of the following components: 3.11 rpm -q openshift-ansible rpm -q ansible ansible --version How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Please include the entire output from the last TASK line through the end of output if an error is generated Expected results: Additional info: Please attach logs from ansible-playbook with the -vvv flag
In 3.11.141, the oauthclient/kibana-proxy and oauth-secret/logging-kibana-proxy are same for both new-installaiton and redeploy certs. (Note: to generate a new oauth-secret, you have to delete /etc/origin/logging in the first before run openshift-logging/redeploy-certificates.yml)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2580
*** Bug 1752517 has been marked as a duplicate of this bug. ***